This patch fixes a number of endianness marking issues in the ccp
driver.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Acked-by: NJohn Allen <john.allen@amd.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Some user-space programs rely on crypto requests that have no
control metadata.  This broke when a check was added to require
the presence of control metadata with the ctx->init flag.

This patch fixes the regression by setting ctx->init as long as
one sendmsg(2) has been made, with or without a control message.
Reported-by: NSachin Sant <sachinp@linux.vnet.ibm.com>
Reported-by: NNaresh Kamboju <naresh.kamboju@linaro.org>
Fixes: f3c802a1 ("crypto: algif_aead - Only wake up when...")
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

features[] and id_table[] are not modified and can be made const to
allow the compiler to put them in read-only memory.

Before:
   text    data     bss     dec     hex filename
  11534    2056     160   13750    35b6 drivers/crypto/virtio/virtio_crypto_core.o

After:
   text    data     bss     dec     hex filename
  11630    1992     128   13750    35b6 drivers/crypto/virtio/virtio_crypto_core.o
Signed-off-by: NRikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

id_table[] is not modified and an be made const to allow the compiler to
put it in read-only memory.

Before:
   text    data     bss     dec     hex filename
   1746     192       8    1946     79a drivers/char/hw_random/virtio-rng.o

After:
   text    data     bss     dec     hex filename
   1762     176       8    1946     79a drivers/char/hw_random/virtio-rng.o
Signed-off-by: NRikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

nmk_rng_ids[] is not modified and can be made const to allow the
compiler to put it in read-only memory.

Before:
   text    data     bss     dec     hex filename
    652     216       4     872     368 drivers/char/hw_random/nomadik-rng.o

After:
   text    data     bss     dec     hex filename
    676     192       4     872     368 drivers/char/hw_random/nomadik-rng.o
Signed-off-by: NRikard Falkeborn <rikard.falkeborn@gmail.com>
Acked-by: NArnd Bergmann <arnd@arndb.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

bcm2835_rng_devtype[] is not modified and can be made const to allow the
compiler to put it in read-only memory.

Before:
   text    data     bss     dec     hex filename
   2392     176       0    2568     a08 drivers/char/hw_random/bcm2835-rng.o

After:
   text    data     bss     dec     hex filename
   2464     104       0    2568     a08 drivers/char/hw_random/bcm2835-rng.o
Signed-off-by: NRikard Falkeborn <rikard.falkeborn@gmail.com>
Acked-by: NFlorian Fainelli <f.fainelli@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

As HW_RANDOM_BA431 does not have any platform dependency, it should not
default to enabled.

Fixes: 0289e9be ("hwrng: ba431 - add support for BA431 hwrng")
Signed-off-by: NGeert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The ba431 driver depends on HAS_IOMEM and this was missing from
the Kconfig file.
Reported-by: Nkernel test robot <lkp@intel.com>
Fixes: 0289e9be ("hwrng: ba431 - add support for BA431 hwrng")
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Forward requests to another provider if the key length for AES-XTS is
192 bits as this is not supported by the QAT accelerators.

This fixes the following issue reported with the option
CONFIG_CRYPTO_MANAGER_EXTRA_TESTS:

  alg: skcipher: qat_aes_xts setkey failed on test vector "random: len=3204 klen=48"; expected_error=0, actual_error=-22, flags=0x1
Signed-off-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Remove tfm field in qat_alg_skcipher_ctx structure.
This is not used.
Signed-off-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Validate AES-XTS key using the function xts_verify_key() to prevent
malformed keys.
Signed-off-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Allow AES-XTS requests that are not multiple of the block size.
If a request is smaller than the block size, return -EINVAL.

This fixes the following issue reported by the crypto testmgr self-test:

  alg: skcipher: qat_aes_xts encryption failed on test vector "random: len=116 klen=64"; expected_error=0, actual_error=-22, cfg="random: inplace may_sleep use_finup src_divs=[<reimport>45.85%@+4077, <flush>54.15%@alignmask+18]"

Fixes: 96ee111a ("crypto: qat - return error for block...")
Signed-off-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes a bunch of sparse warnings by adding __force tags
when casting __iomem poitners to u64.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes an unused variable warning when this driver is
built-in with CONFIG_OF=n.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes an unused variable warning when this driver is
built-in with CONFIG_OF=n.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes an unused variable warning when this driver is
built with CONFIG_OF=n.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes an unused variable warning when this driver is
built-in with CONFIG_OF=n.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes an unused variable warning when this driver is
built-in with CONFIG_OF=n.  While we're at it this patch also
expands the compiler coverage when CONFIG_OF is off by removing
all the CONFIG_OF ifdefs.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes an unused variable warning when this driver is
built-in with CONFIG_OF=n.
Reported-by: Nkernel test robot <lkp@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The change on the ux500 branch is needed by the regulator API.

A recent change to the Regulator consumer API (which this driver
utilises) add prototypes for the some suspend functions.  These
functions require including header file include/linux/suspend.h.

The following tree of includes affecting this driver will be
present:

   In file included from include/linux/elevator.h:6,
                    from include/linux/blkdev.h:288,
                    from include/linux/blk-cgroup.h:23,
                    from include/linux/writeback.h:14,
                    from include/linux/memcontrol.h:22,
                    from include/linux/swap.h:9,
                    from include/linux/suspend.h:5,
                    from include/linux/regulator/consumer.h:35,
                    from drivers/crypto/ux500/hash/hash_core.c:28:

include/linux/elevator.h pulls in include/linux/hashtable.h which
contains its own version of hash_init().  This confuses the build
system and results in the following error (amongst others):

 drivers/crypto/ux500/hash/hash_core.c:1362:19: error: passing argument 1 of '__hash_init' from incompatible pointer type [-Werror=incompatible-pointer-types]
 1362 |  return hash_init(req);

Fix this by namespacing the local hash_init() such that the
source of confusion is removed.

Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: David S. Miller <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org
Signed-off-by: NLee Jones <lee.jones@linaro.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add John Allen as a new CCP driver maintainer. Additionally, break out
the driver SEV support and create a new maintainer entry, with Brijesh
Singh and Tom Lendacky as maintainers.

Cc: John Allen <john.allen@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: NTom Lendacky <thomas.lendacky@amd.com>
Acked-by: NJohn Allen <john.allen@amd.com>
Acked-by: NBrijesh Singh <brijesh.singh@amd.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes all the sparse warnings in the octeontx driver.
Some of these are just trivial type changes.

However, some of the changes are non-trivial on little-endian hosts.
Obviously the driver appears to be broken on either LE or BE as it
was doing different things.  I've taken the BE behaviour as the
correct one.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

PASID is defined as "int" although it's a 20-bit value and shouldn't be
negative int. To be consistent with PASID type in iommu, define PASID
as "u32".
Suggested-by: NThomas Gleixner <tglx@linutronix.de>
Signed-off-by: NFenghua Yu <fenghua.yu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Clang's integrated assembler complains "invalid reassignment of
non-absolute variable 'var_ddq_add'" while assembling
arch/x86/crypto/aes_ctrby8_avx-x86_64.S. It was because var_ddq_add was
reassigned with non-absolute values several times, which IAS did not
support. We can avoid the reassignment by replacing the uses of
var_ddq_add with its definitions accordingly to have compatilibility
with IAS.

Link: https://github.com/ClangBuiltLinux/linux/issues/1008Reported-by: NSedat Dilek <sedat.dilek@gmail.com>
Reported-by: NFangrui Song <maskray@google.com>
Tested-by: Sedat Dilek <sedat.dilek@gmail.com> # build+boot Linux v5.7.5; clang v11.0.0-git
Signed-off-by: NJian Cai <caij2003@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Running the crypto manager self tests with
CONFIG_CRYPTO_MANAGER_EXTRA_TESTS may result in several types of errors
when using the ccp-crypto driver:

alg: skcipher: cbc-des3-ccp encryption failed on test vector 0; expected_error=0, actual_error=-5 ...

alg: skcipher: ctr-aes-ccp decryption overran dst buffer on test vector 0 ...

alg: ahash: sha224-ccp test failed (wrong result) on test vector ...

These errors are the result of improper processing of scatterlists mapped
for DMA.

Given a scatterlist in which entries are merged as part of mapping the
scatterlist for DMA, the DMA length of a merged entry will reflect the
combined length of the entries that were merged. The subsequent
scatterlist entry will contain DMA information for the scatterlist entry
after the last merged entry, but the non-DMA information will be that of
the first merged entry.

The ccp driver does not take this scatterlist merging into account. To
address this, add a second scatterlist pointer to track the current
position in the DMA mapped representation of the scatterlist. Both the DMA
representation and the original representation of the scatterlist must be
tracked as while most of the driver can use just the DMA representation,
scatterlist_map_and_copy() must use the original representation and
expects the scatterlist pointer to be accurate to the original
representation.

In order to properly walk the original scatterlist, the scatterlist must
be walked until the combined lengths of the entries seen is equal to the
DMA length of the current entry being processed in the DMA mapped
representation.

Fixes: 63b94509 ("crypto: ccp - CCP device driver and interface support")
Signed-off-by: NJohn Allen <john.allen@amd.com>
Cc: stable@vger.kernel.org
Acked-by: NTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Crypto test driver's test_ahash_speed calls crypto_ahash_update and
crypto_ahash_final APIs repeatedly for all the available test vector
buffer lengths.

if we mark the end for scatterlist based on the current vector size then
the subsequent vectors might fail if the later buffer lengths are higher.

To avoid this, in qce do not mark the end of scatterlist in update API,
the qce_ahash_async_req_handle API already takes care of this copying
right amount of buffer from the request scatter list.
Signed-off-by: NSivaprakash Murugesan <sivaprak@codeaurora.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

crypto testmgr deliberately corrupts the request context while passing
vectors to the import. This is to make sure that drivers do not rely on
request but they take all the necessary input from io vec passed to it.

qce casts the request context from request parameter, since it is corrupted
the sub squent hash request fails and qce hangs.

To avoid this re-initialize request context on import. The qce import
API alreasy takes care of taking the input vectors from passed io vec.
Signed-off-by: NSivaprakash Murugesan <sivaprak@codeaurora.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

crypto test module passes zero length vectors as test input to sha-1 and
sha-256. To provide correct output for these vectors, hash zero support
has been added as in other crypto drivers.
Signed-off-by: NSivaprakash Murugesan <sivaprak@codeaurora.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

pm_runtime_get_sync() increments the runtime PM usage counter even
the call returns an error code. Thus a corresponding decrement is
needed on the error handling path to keep the counter balanced.

Fix this by adding the missed function call.
Signed-off-by: NDinghao Liu <dinghao.liu@zju.edu.cn>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Remove yet another unused field left over from times gone by.
Signed-off-by: NGilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The ESSIV support in ccree was added before the kernel
generic support and using a slightly different API.

Brings the ccree essiv interface into compliance with
kernel crypto api one.

Since CryptoCell only support 256 bit AES key for ESSIV,
also use a fallback if requested a smaller key size.
Signed-off-by: NGilad Ben-Yossef <gilad@benyossef.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Libo Wang <libo.wang@arm.com>
Cc: Markus Elfring <Markus.Elfring@web.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Fix a small resource leak on the error path of cipher processing.
Signed-off-by: NGilad Ben-Yossef <gilad@benyossef.com>
Fixes: 63ee04c8 ("crypto: ccree - add skcipher support")
Cc: Markus Elfring <Markus.Elfring@web.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

ahash_finup_no_ctx() returns -ENOMEM in most error cases,
and this is fine for almost all of them.

However, the return code provided by dpaa2_caam_enqueue()
(e.g. -EIO or -EBUSY) shouldn't be overridden by -ENOMEM.
Signed-off-by: NHoria Geantă <horia.geanta@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The variable err is being initialized with a value that is never read
and it is being updated later with a new value.  The initialization is
redundant and can be removed.

Addresses-Coverity: ("Unused value")
Signed-off-by: NColin Ian King <colin.king@canonical.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The variable ret is being assigned with a value that is never read
and it is being updated later with a new value.  The assignment is
redundant and can be removed.

Addresses-Coverity: ("Unused value")
Signed-off-by: NColin Ian King <colin.king@canonical.com>
Acked-by: NTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

We haven't used string.h since the memcpy calls were removed so
this patch removes its inclusion.  The file uaccess.h isn't needed
at all.  However, removing it reveals that we do need to add an
inclusion for refcount.h.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

There is this call chain:
sec_alg_skcipher_encrypt -> sec_alg_skcipher_crypto ->
sec_alg_alloc_and_calc_split_sizes -> kcalloc
where we call sleeping allocator function even if CRYPTO_TFM_REQ_MAY_SLEEP
was not specified.
Signed-off-by: NMikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org	# v4.19+
Fixes: 915e4e84 ("crypto: hisilicon - SEC security accelerator driver")
Acked-by: NJonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

There is this call chain:
cvm_encrypt -> cvm_enc_dec -> cptvf_do_request -> process_request -> kzalloc
where we call sleeping allocator function even if CRYPTO_TFM_REQ_MAY_SLEEP
was not specified.
Signed-off-by: NMikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org	# v4.11+
Fixes: c694b233 ("crypto: cavium - Add the Virtual Function driver for CPT")
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes sparse endianness warnings as well as compiler
warnings on 64-bit hosts.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: NTero Kristo <t-kristo@ti.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>